Cyber Security and Privacy Control [NOOK Book]


This section discusses IT audit cybersecurity and privacy control activities from two focus areas. First is focus on some of the many cybersecurity and privacy concerns that auditors should consider in their reviews of IT-based systems and processes. Second focus area includes IT Audit internal procedures. IT audit functions sometimes fail to implement appropriate security and privacy protection controls over their own IT audit processes, such as audit evidence materials, IT audit workpapers, auditor laptop ...
See more details below
Cyber Security and Privacy Control

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK 7.0
  • Samsung Galaxy Tab 4 NOOK 10.1
  • NOOK HD Tablet
  • NOOK HD+ Tablet
  • NOOK eReaders
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$8.49 price
(Save 14%)$9.95 List Price
Note: This NOOK Book can be purchased in bulk. Please email us for more information.


This section discusses IT audit cybersecurity and privacy control activities from two focus areas. First is focus on some of the many cybersecurity and privacy concerns that auditors should consider in their reviews of IT-based systems and processes. Second focus area includes IT Audit internal procedures. IT audit functions sometimes fail to implement appropriate security and privacy protection controls over their own IT audit processes, such as audit evidence materials, IT audit workpapers, auditor laptop computer resources, and many others. Although every audit department is different, this section suggests best practices for an IT audit function and concludes with a discussion on the payment card industry data security standard data security standards (PCI-DSS), a guideline that has been developed by major credit card companies to help enterprises that process card payments prevent credit card fraud and to provide some protection from various credit security vulnerabilities and threats. IT auditors should understand the high-level key elements of this standard and incorporate it in their review where appropriate.
Read More Show Less

Product Details

  • ISBN-13: 9781118035764
  • Publisher: Wiley, John & Sons, Incorporated
  • Publication date: 4/12/2011
  • Series: Wiley Global Finance Executive Select Series, #172
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Sales rank: 1,376,893
  • File size: 274 KB

Meet the Author

Robert R. Moeller (Evanston, IL), CPA, CISA, PMP, CISSP, is the founder of Compliance and control Systems Associates, a consulting firm that specialized in internal audit and project management with a strong understanding of information systems, corporate governance and security. He has over 30 years of experience in internal auditing, ranging from launching new internal audit functions in several companies to serving as audit director for a Fortune 50 corporation. He held positions with Grant Thornton (National Director of Computer Auditing) and Sears Roebuck (Audit Director). A frequently published author and professional speaker, Moeller provides insights into many of the new rules impacting internal auditors today as well as the challenges audit committees face when dealing with Sarbanes-Oxley, internal controls, and their internal auditors. Moeller is the former president of the Institute of Internal Auditor's Chicago chapter and has served on the IIA's International Advanced Technology Committee. He is also the former chair of the AICPA's Computer Audit Subcommittee.
Read More Show Less

Table of Contents


Part One Auditing Internal Controls in an IT Environment.

Chapter 1 SOx and the COSO Internal Controls Framework.

Roles and Responsibilities of IT Auditors.

Importance of Effective Internal Controls and COSO.

COSO Internal Control Systems Monitoring Guidance.

Sarbanes-Oxley Act.

Wrapping It Up: COSO Internal Controls and Sox.


Chapter 2 Using CobiT to Perform IT Audits.

Introduction to CobiT.

CobiT Framework.

Using CobiT to Assess Internal Controls.

Using CobiT in a SOx Environment.

CobiT Assurance Framework Guidance.

CobiT in Perspective.


Chapter 3 IIA and ISACA Standards for the Professional Practice of Internal Auditing.

Internal Auditing's International Professional Practice Standards.

Content of the IPPF and the IIA International Standards.

Strongly Recommended IIA Standards Guidance.

ISACA IT Auditing Standards Overview.

Codes of Ethics: The IIA and ISACA.


Chapter 4 Understanding Risk Management Through COSO ERM.

Risk Management Fundamentals.

Quantitative Risk Analysis Techniques.

IIA and ISACA Risk Management Internal Audit Guidance.

COSO ERM: Enterprise Risk Management.

IT Audit Risk and COSO ERM.


Chapter 5 Performing Effective IT Audits.

IT Audit and the Enterprise Internal Audit Function.

Organizing and Planning IT Audits.

Developing and Preparing Audit Programs.

Gathering Audit Evidence and Testing Results.

Workpapers and Reporting IT Audit Results.

Preparing Effective IT Audits.


Part Two Auditing IT General Controls.

Chapter 6 General Controls in Today's IT Environments.

Importance of IT General Controls.

IT Governance General Controls.

IT Management General Controls.

IT Technical Environment General Controls.


Chapter 7 Infrastructure Controls and ITIL Service Management Best Practices.

ITIL Service Management Best Practices.

ITIL's Service Strategies Component.

ITIL Service Design.

ITIL Service Transition Management Processes.

ITIL Service Operation Processes.

Service Delivery Best Practices.

Auditing IT Infrastructure Management.


Chapter 8 Systems Software and IT Operations General Controls.

IT Operating System Fundamentals.

Features of a Computer Operating System.

Other Systems Software Tools.


Chapter 9 Evolving Control Issues: Wireless Networks, Cloud Computing, and Virtualization.

Understanding and Auditing IT Wireless Networks.

Understanding Cloud Computing.

Storage Management Virtualization.


Part Three Auditing and Testing IT Application Controls.

Chapter 10 Selecting, Testing, and Auditing IT Applications.

IT Application Control Elements.

Selecting Applications for IT Audit Reviews.

Performing an Applications Controls Reviews: Preliminary Steps.

Completing the IT Applications Controls Audit.

Application Review Case Study: Client-Server Budgeting System.

Auditing Applications Under Development.

Importance of Reviewing IT Applicatio Controls.


Chapter 11 Software Engineering and CMMi.

Software Engineering Concepts.

CMMi: Capability Maturity Model for Integration.

CMMi Benefits.

IT Audit, Internal Control, and CMMi.


Chapter 12 Auditing Service-Oriented Architectures and Record Management Processes.

Service-Oriented Computing and Service-Driven Applications.

IT Auditing in SOA Environments.

Electronic Records Management Internal Control Issues and Risks.

IT Audits of Electronic Records Management Processes.


Chapter 13 Computer-Assisted Audit Tools and Techniques.

Understanding Computer-Assisted Audit Tools and Techniques.

Determining the Need for CAATTs.

CAATT Software Tools.

Steps to Building Effective CAATTs.

Importance of CAATTs for Audit Evidence Gathering.


Chapter 14 Continuous Assurance Auditing, OLAP and XBRL.

Implementing Continuous Assurance Auditing.

Benefits of Continuous Assurance Auditing Tools.

Data Warehouses, Data Mining, and OLAP.

XBRL:  The Internet-Based Extensible Marking Language.

Newer Technologies, the Continuous Close, and IT audit.


Part Four Importance of IT Governance.

Chapter 15 IT Controls and the Audit Committee.

Role of the Audit Committee for IT Auditors.

Audit Committee Approval of Internal Audit Plans and Budgets.

Audit Committee Briefings on IT Audit Issues.

Audit Committee Review and Action on Significant IT Audit Findings.

IT Audit and the Audit Committee.

Chapter 16 Val IT, Portfolio Management, and Project Management.

Val IT: Enhancing the Value of IT Investments.

IT Systems Portfolio and Program Management.

Project Management for IT Auditors.


Chapter 17 Compliance with IT-Related Laws and Regulations.

Computer Fraud and Abuse Act.

Computer Security Act of 1987.

Gramm – Leach – Bliley Act.

HIPAA:  Healthcare and Much More.

Other Personal Privacy and Security Legislative Requirements.

IT-Related Laws, Regulations, and Audit Standards.

Chapter 18 Understanding and Reviewing Compliance with ISO Standards.

Background and Importance of ISO Standards in a Global Commerce World.

ISO Standards Overview.

ISO 19011 Quality Management Systems Auditing.

ISO Standards and IT Auditors.


Chapter 19 IT Security Environment CONTROLS.

Generally Accepted Security Standards.

Effective IT Perimeter Security.

Establishing an Effective, Enterprise-Wide Security Strategy.

Best Practices for It Audit and Security.


Chapter 20 Cyber-Security and Privacy Controls.

IT Network Security Fundamentals.

IT Systems Privacy Concerns.

PCI-DSS Fundamentals.

Auditing IT Security and Privacy.

Security and Privacy in the IT Audit Department.


Chapter 21 IT Fraud Detection and Prevention.

Understanding and Recognizing Fraud in an IT Environment.

Red Flags:  Fraud Detection Signs for IT and other Internal Auditors.

Public Accounting's Role in Fraud Detection.

IIA Standards and ISACA Materials for Detecting and Investigating Fraud.

IT Audit Fraud Risk Assessments.

IT Audit Fraud Investigations.

IT Fraud Prevention Processes.

Fraud Detection and the IT Auditor.


Chapter 22 Identity and Access Management.

Importance of Identity and Access Management.

Identity Management Processes.

Separation of Duties Identify Management Controls.

Access Management Provisioning.

Authentication and Authorization.

Auditing Identity and Access Management Processes.


Chapter 23 Establishing Effective IT Disaster Recovery Processes.

IT Disaster and Business Continuity Planning Today.

Building and Auditing an IT Disaster Recovery Plan.

Building the IT Disaster Recovery Plan.

Disaster Recovery Planning and Service Level Agreements.

Newer Disaster Recovery Plan Technologies: Data Mirroring Techniques.

Auditing Business Continuity Plans.

Disaster Recovery and Business Continuity Planning Going Forward.


Chapter 24 Electronic Archiving and Data Retention.

Elements of a Successful Electronic Records Management Process.

Electronic Documentation Standards.

Implementing Electronic IT Data Archiving.

Auditing Electronic Document Retention and Archival Processes.


Chapter 25 Business Continuity Management and BS 25999.

IT Business Continuity Management Planning Needs Today.

BS 25999 Good Practice Guidelines.

Auditing BCM Processes.

Linking the BCM with Other Standards and Processes.


Chapter 26 Auditing Telecommunications and IT Communications Networks.

Network Security Concepts.

Effective IT Network Security Controls.

Auditing a VPN Installation.


Chapter 27 Change and Patch Management Controls.

IT Change Management Processes.

Auditing IT Change and Patch Management Controls.


Chapter 28 Six Sigma and Lean Technologies.

Six Sigma Background and Concepts.

Implementing Six Sigma.

Lean Six Sigma.


Chapter 29 Building an Effective IT Internal Audit Function.

Establishing an IT Internal Audit Function.

Internal Audit Charter:  An Important IT Audit Authorization.

Role of the Chief Audit Executive.

IT Audit Specialists.

IT Audit Managers and Supervisors.

Internal and IT Audit Policies and Procedures.

Organizing an Effective IT Audit Function.

Importance of a Strong IT Audit Function.


Chapter 30 Professional Certifications:  CISA,  CIA, and More.

Certified Information Systems Auditor Credentials.

Certified Information Security Manager Credentials.

Certificate in the Governance of Enterprise IT.

Certified Internal Auditor Responsibilities and Requirements.

Beyond the CIA:  Other IIA Certifications.

CISSP Information Systems Security Professional Certification.

Certified Fraud Examiner Certification..

ASQ Internal Audit Certifications.

Other Internal Auditor Certifications.


Chapter 31 Quality Assurance Auditing and ASQ Standards.

Duties and Responsibilities of Quality Auditors.

Role of the Quality Auditor.

Performing ASQ Quality Audits.

Quality Assurance Reviews of IT Audit Functions.

Future Directions for Quality Assurance Auditing.


About the Author.


Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)